04/04/2018

Cybersecurity Starts With the Email Inbox

It’s a familiar narrative: In the wake of a cybersecurity incident, the company investigates the causes and consequences, uncovers the vulnerability, and in hindsight, views that vulnerability as an inexcusable oversight — even though that vulnerability seemed a lot less obvious before the incident.

Ultimately, it’s not that companies are underestimating the problem of cybersecurity — it’s that overestimating the problem is impossible. With the email inbox being the No. 1 attack vector, both organizations and users must be on guard against ransomware, business email compromise, and phishing schemes. In fact, 51 percent of the breaches in 2017 involved malware, and 66 percent of malware was installed via email attachments.

In a recent webinar, Roger Brassard, senior product manager at Zix, discusses how organizations can combat malware and why a comprehensive approach to security that foregrounds protecting the inbox is essential. The modern cybersecurity landscape is both diverse and complex, which means your cybersecurity strategy — particularly when it comes to protecting your email — should be, too.

The Minefield That Is the Inbox

Bad actors target the inbox because it’s an intimate and familiar space where users host close contacts and personal information, often with their guards down. Moreover, cyberattack techniques targeting the inbox are maturing.

Phishing schemes have shifted from imitating logos and login screens to imitating people. Using intimate information, for instance, hackers can make an unusual request appear legitimate, reducing users’ suspicions. Business email compromise goes a step further by introducing sophisticated social-engineering techniques. Hackers develop a pool of personal information from users’ known contacts, then use that familiarity to deceive users into authorizing an account transfer or divulging intellectual property. In fact, BEC schemes are so lucrative that 96 percent of polled businesses dealt with some form of them during the second half of 2017.

Even malware, which is commonly available as a subscription service to bad actors without technical expertise, is getting harder to detect and prevent these days. By now, many users know to be wary of email attachments. But when ransomware is designed to exploit commands and code through various scripts, a user doesn’t need to click an attachment and initiate a download for the malware to spread into an organization’s system.

The Foundation of Defense for the Email Inbox

Regardless of these extensive threats, the inbox doesn’t have to be a vulnerability. Organizations that prioritize the following cybersecurity strategies can go a long way toward reducing today’s (and tomorrow’s) risks.

Implement Sender Authentication Protocols: By using Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC), companies can authenticate an email’s origin. For example, if someone is trying to impersonate a trusted email address by spoofing the email “From” address in the envelope or header, these standards can spot that and block the email, reducing the efficacy of phishing and business email compromise.
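The following sketch is an added example, not code from the webinar or from Zix. It shows why SPF and DKIM passes alone do not stop a spoofed “From” header and how the DMARC alignment check closes that gap. It assumes the receiving gateway has already verified SPF and DKIM and recorded the results in an Authentication-Results header; the host names, the sample messages, and the two-label organizational-domain shortcut are constructed for illustration, and the sender's policy is passed in rather than looked up in DNS.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # hypothetical: our own gateway's ID

# Constructed message: SPF and DKIM both pass, but for the attacker's domain,
# while the visible From header names the impersonated one.
SPOOFED = """\
Return-Path: <bounce@mailer.attacker.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailer.attacker.example;
 dkim=pass header.d=attacker.example
From: "Pat CFO" <pat@corp.example>
Subject: Urgent wire transfer

Please pay today.
"""
# Constructed legitimate counterpart: same message sent through corp.example.
LEGIT = (SPOOFED.replace("mailer.attacker.example", "bounce.corp.example")
                .replace("header.d=attacker.example", "header.d=corp.example"))

def org_domain(domain):
    # Simplification: last two labels. Production code uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    # One flag for both mechanisms; real DMARC sets SPF and DKIM strictness separately.
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_verdict(raw, policy="reject", strict=False):
    """Apply the sender's DMARC policy unless an aligned SPF or DKIM pass exists."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    passed = False
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip() != TRUSTED_AUTHSERV:
            continue  # a header stamped by anyone else may be forged
        domains = re.findall(r"spf=pass\s+smtp\.mailfrom=(?:[^\s;@]*@)?([\w.-]+)", results)
        domains += re.findall(r"dkim=pass\s+[^;]*?header\.d=([\w.-]+)", results)
        passed = passed or any(aligned(d, from_domain, strict) for d in domains)
    if passed:
        return "deliver"
    return policy if policy in ("reject", "quarantine") else "deliver"
```

With a policy of `none` the spoofed message is still delivered, so the blocking described above only takes effect once the sending domain publishes `quarantine` or `reject`.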

Block Malware Attachments: Blocking bad attachments before users have to determine their authenticity is more effective than leaving that judgment to users. By implementing a solution that utilizes sandbox inspection, organizations can quarantine and safely investigate only those files that are deemed suspicious instead of blocking entire categories of file extensions such as BAT, COM, EXE, and VBS. In this way, companies don’t incidentally block important files and disrupt operations.

Disarm Malicious Attachments: A “disarm” function is similar to sandbox inspection, only faster, because it avoids the sometimes lengthy inspection process. A solution that offers it removes malicious macros or script code from attachments, or converts them to a benign PDF format.

Rewrite Links, and Use Time-of-Click Analysis: Given that users are going to click links, organizations should ensure those links undergo destination inspection every time the user clicks. Rewriting avoids issues with shortened or obfuscated links, and time-of-click analysis ensures that a destination that was safe one day is checked again, and is still safe, whenever the user clicks it in the future.
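The sketch below is an added example, not code from the webinar or from Zix. It shows the two halves of this control: links are rewritten once at delivery, and the destination is inspected again at every click, so a verdict can change after the message has landed. The gateway URL, the signing key, the message body, and the `blocklist` set (a stand-in for whatever destination inspection the gateway performs) are all constructed assumptions.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

GATEWAY = "https://click.gateway.example/c"  # hypothetical rewrite endpoint
KEY = b"constructed-demo-key"                # constructed secret, demo only

# Constructed message body with one ordinary and one shortened link.
BODY = "Invoice: https://files.partner.example/inv?id=42\nShort: http://sho.rt.example/Ab3\n"

def sign(url):
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body):
    """At delivery: point every http(s) URL at the gateway, signed against tampering."""
    def repl(match):
        url = match.group(0)
        return f"{GATEWAY}?u={quote(url, safe='')}&s={sign(url)}"
    return re.sub(r"https?://[^\s<>\"']+", repl, body)

def on_click(rewritten, blocklist):
    """At every click: verify the signature, then inspect the destination again."""
    query = parse_qs(urlsplit(rewritten).query)
    url, sig = query.get("u", [""])[0], query.get("s", [""])[0]
    if not hmac.compare_digest(sig.encode(), sign(url).encode()):
        return ("block", "tampered link")  # keeps the gateway from acting as an open redirect
    host = (urlsplit(url).hostname or "").lower()
    if host in blocklist:
        return ("block", host)
    return ("redirect", url)

def rewritten_links(body):
    """Return the gateway URLs that rewrite_links() produced for a body."""
    return re.findall(re.escape(GATEWAY) + r"\?\S+", rewrite_links(body))
```

Calling `on_click` on the same rewritten link with an empty blocklist and again after the host has been added returns a redirect the first time and a block the second, which is the case a scan at delivery alone would miss.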

Use Email Encryption: An email can go through multiple transfers before reaching its final destination. At any one of those points, its data is vulnerable to hackers. Utilizing end-to-end and easy-to-use email encryption that protects data at rest and in transit ensures that your information is secure without creating a cumbersome system that users will seek to avoid.

The closer hackers get to your network, the easier it is for them to launch an attack. Your priority must be keeping hackers as far from your systems and data as possible while also ensuring that your data is encrypted. Overall, a comprehensive cybersecurity strategy that focuses on the inbox and the myriad threats it faces is the best way to do this.